---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  - networking.k8s.io
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
  verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring
---
apiVersion: v1
kind: Service
metadata:
  name: prometheus-sys
  namespace: monitoring
  labels:
    app: prometheus-sys
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9090
  clusterIP: None
  selector:
    app: prometheus-sys
---
kind: Service
apiVersion: v1
metadata:
  name: prometheus-sys-connect
  namespace: monitoring
spec:
  selector:
    app: prometheus-sys
    statefulset.kubernetes.io/pod-name: prometheus-sys-0
  ports:
    - protocol: TCP
      port: 9090
      targetPort: 9090
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: prometheus-sys
  labels:
    app: prometheus-sys
  namespace: monitoring
  annotations:
    reloader.stakater.com/auto: "true"
    configmap.reloader.stakater.com/reload: "prometheus-config"
spec:
  replicas: 1
  serviceName: prometheus-sys
  selector:
    matchLabels:
      app: prometheus-sys
  template:
    metadata:
      labels:
        app: prometheus-sys
    spec:
      serviceAccountName: prometheus
      priorityClassName: low-priority
      containers:
      - name: prometheus-sys
        image: quay.io/prometheus/prometheus:v2.26.0
        imagePullPolicy: IfNotPresent
        args:
          - --storage.tsdb.retention.time=2h
          - --config.file=/etc/prometheus/prometheus.yml
          - --web.listen-address=0.0.0.0:9090
          - --storage.tsdb.min-block-duration=2h
          - --storage.tsdb.max-block-duration=2h
          - --storage.tsdb.path=/prometheus
          - --web.console.libraries=/usr/share/prometheus/console_libraries
          - --web.console.templates=/usr/share/prometheus/consoles
          - --web.external-url=http://mon.kryukov.local:31080/prometheus/
        volumeMounts:
          - name: prometheus-config-volume
            mountPath: /etc/prometheus/prometheus.yml
            subPath: prometheus.yml
          - name: data
            mountPath: /prometheus
        ports:
        - containerPort: 9090
      volumes:
        - name: prometheus-config-volume
          configMap:
            name: prometheus-config
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "managed-nfs-storage"
        resources:
          requests:
            storage: 10Gi
